(57) Abstract: A method and system for authorizing/authenticating E-commerce transactions is provided. The process registers a 
user and service providers for conducting secured on-line electronic commerce transactions. To register the user, profile information 
is entered and a telephone call is initiated. The user is prompted to enter an authentication code and thereafter, the user enters the 
authentication code. The user specific authentication code is then stored in a database. Thereafter the registered user can request to 
conduct an E-commerce transaction with the service provider that is also registered with an authorization/authentication module. 
The authorization/authentication module generates a transaction identification number upon receiving the user's request and initiates 
a telephone call to the user. Thereafter the user is prompted to enter the authentication code and the transaction identification number 
for verifying user identity. The entered authentication numbers are compared with the stored authentication number. 

Method and system for authenticating e-commerce transaction 

FIELD OF THE INVENTION 

The invention relates to a method and system for authenticating 
E-commerce transaction. 

Appendix "A" and T attached to this specification contain source 
code in HTML, Java, Java script, Visual basic programming 
language for programming a computer, are a part of the present 
disclosure, and are incorporated by reference in their entirety. 

A portion of the disclosure of this patent document contains 
material that is subject to copyright protection. The copyright 
owner has no objection to the facsimile reproduction by anyone of 
the patent document or the patent disclosure, as it appears in the 
patent and trademark office patent files or records, but otherwise 
reserves all copyright whatsoever. 

The internet connects thousands of computers world wide through 
well-known protocols, for example, Transmission Control 
Protocol (TCP)/Internet Protocol (IP), into a vast network. 






WO 02/19614 



PCT/IN01/00102 



Information on the Internet is stored world wide as computer files, 
mostly written in the Hypertext Mark Up Language ("HTML"). 
The collection of all such publicly available computer files is 
known as the World Wide Web (WWW). 

The WWW is a multimedia-enabled hypertext system used 
for navigating the Internet and is made up of hundreds of 
thousands of web pages with images and text and video files, 
which can be displayed on a computer monitor. Each web page can 
have connections to other pages, which may be located on any 
computer connected to the Internet. 

A typical Internet user uses a client program called a "Web 
Browser" to connect to the Internet. A user can connect to the 
Internet via a proprietary network, such as America Online or 
CompuServe, or via an Internet Service Provider, e.g., Earthlink. 

A Web Browser may run on any computer connected to the 
Internet. Currently, various browsers are available of which two 
prominent browsers are Netscape Navigator™ and Microsoft 
Internet Explorer™ . The Web Browser receives and sends requests 
to a web server and acquires information from the WWW. A web 
server is a program that, upon receipt of a request, sends the 
requested data to the requesting user. 

A standard naming convention known as Uniform Resource 
Locator ("URL") has been adopted to represent hypermedia links 
and links to network services. Most files or services can be 
represented with a URL. URLs enable Web Browsers to go directly 
to any file held on any WWW server. 

Information from the WWW is accessed using well-known 
protocols, including the Hypertext Transport Protocol ("HTTP"), 
the Wide Area Information Service ("WAIS") and the File 
Transport Protocol ("FTP"), over TCP/IP protocol. The transfer 
format for standard WWW pages is Hypertext Transfer Protocol 
(HTTP). 

The advent and progress of the Internet has changed the way 
consumers shop. A consumer today can buy numerous products 
and services via the Internet. A typical electronic commerce 
transaction ("E-commerce") involves the following steps: (a) a 
consumer logs onto a merchant's website, (b) selects products 
and/or services, (c) pays via credit or debit card or other electronic 
means, and (d) the transaction is completed, and thereafter 
products and/or services are delivered and/or performed. 

E-commerce transactions today have gained considerable 
popularity among consumers and businesses. However, the security 
for E-commerce transactions is still questionable. Typically, a 
consumer uses a user identification number ("user ID.") and user 
specified password to execute an E-commerce transaction. 
However, if an unauthorized user accesses the user ID and 
password, then the current security systems will fail to prevent an 
unauthorized E-commerce transaction. Hence consumers and 
businesses can potentially lose millions of dollars because the 
conventional security systems in E-commerce do not have an 
efficient authorization and authentication process. 

Therefore, what is needed is a method and system for 
authenticating and authorizing E-commerce transactions that can 
enhance security for conventional E-commerce transactions. 

SUMMARY 

The present invention solves the foregoing drawbacks by 
providing a method and system for authorizing/authenticating 
E-commerce transactions. Before allowing a user to proceed with 
an E-commerce transaction, the process registers the user with a 
central registry. The user enters user information, which is then 
received by the registry. The user may enter user information in a 
web browser and transmit the information to the registry via the 
Internet, the main channel for the E-commerce transaction. 

After the registry receives the profile information, under the 
registration process, the registry initiates a call to a user designated 
personal device, for example, a mobile telephone or a land phone 
etc. It is noteworthy that the user designated device is based upon 
an alternate channel separate from the main E-commerce 
transaction channel. The user is prompted to enter an 
authentication code. The user enters the authentication code, which 
is then stored in the database, and the user is registered. 

According to the present invention, the service provider that 
provides goods and/or services to the user is also registered with 
the registry. Under one aspect of the present system, a registered 
user can request an E-commerce transaction with a registered 
service provider. 

The registry receives a user transaction request to proceed 
with an E-commerce transaction. Such a request is received from 
the main E-commerce transaction channel, generally through a web 
browser. The registry generates a transaction identification number 
upon receiving the user's request. The transaction identification 
number is sent to the user via the main E-commerce transaction 
channel. The registry initiates a call to a user designated personal 
device, for example, a mobile telephone or a land phone etc. It is 
noteworthy that the user-designated device is based upon an 
alternate channel separate from the main E-commerce transaction 
channel. Thereafter the user is prompted to enter an authentication 
code and the transaction identification number for verifying user 
identity. A cell phone, a mobile telephone or a land phone may be 
used to receive the telephone call and enter the authentication code. 
Other devices for example a two-way pager and smart cards etc. 
may also be used to enter the authentication code. 

The user enters the authentication code and the transaction 
identification number. User entered authentication code is 
compared with user specific stored authentication code. User 
entered transaction identification number is also compared with the 
generated transaction identification number. If both the numbers 
match, user identity is authenticated, and the user is authorized to 
proceed with the requested transaction. Authorization data 
including transaction identification number, date and time of 
transaction, and the IP address of the device that is connected to 
the main channel are stored. 

One advantage of the present invention is that initiation and 
authentication of an E-commerce transaction requires two different 
channels. The main channel provides security for the user to request 
a transaction and obtain a transaction identification number. The 
alternate channel assists in authentication. In order to breach the 
system of the present invention, one will have to know the user 
login identity and password on the main channel, personal device 
details, authentication code on the alternate channel, transaction 
identification number on the main channel and know the algorithm 
used for encrypting all the data during the transaction. The 
probability of simultaneously acquiring all the foregoing data is 
quite remote. Hence the present invention provides a secure system 
for E-commerce transactions. 

Another advantage of the present process is that a user must 
enter an authentication code for registration via an alternative 
channel and device, e.g., a cell, mobile or land phone, two-way 
pager or smart cards etc. Hence even if user password is stolen, the 
authentication code is still required to proceed with a transaction. 
This additional channel (authentication code and transaction 
identification number) provides an extra layer of security for 
vulnerable E-commerce transactions. 

Yet another advantage of the present system is that a user 
must enter two sets of numbers, one transaction specific, i.e., the 
transaction identification number, and another user specific, i.e., 
the authentication code. Since the user must be identified prior to 
any transaction by entering the authentication code via an alternate 
channel other than the main E-commerce transaction channel, it 
provides a degree of security that is much more stringent than 
identifying the user by merely a password. 

Yet another advantage of the present system is that users can 
authenticate themselves via a mobile phone. Hence the system is 
flexible. 

Yet another advantage of the present invention is that the 
authentication code is entered on a device (e.g. cell phone or land 
phone etc.) specified by the user. 

Yet another advantage of the present invention is that any 
transaction authorized by registry is stored for future reference. 
Hence any claims by the user or a third party against authorized 
transaction can be repudiated by the stored authorization data. 

This brief summary has been provided so that the nature of 
the invention may be understood quickly. A more complete 
understanding of the invention can be obtained by reference to the 
following detailed description of the preferred embodiments thereof 
in connection with the attached drawings. 

BRIEF DESCRIPTION OF THE DRAWINGS 

Figure 1 illustrates a computing system to carry out the 
inventive technique. 

Figure 2 is a block diagram of the architecture of the 
computing system of Fig. 1. 

Figure 3 is a block diagram of the Internet Topology. 

Figure 4A is a block diagram of the architecture of a system, 
according to the present invention. 

Figure 4B is a block diagram of a registry module according 
to the present system. 



Figure 4C is a block diagram of the architecture showing a 
Service point coupled to the registry module, according to the 
present invention. 

Figure 5A is a flow diagram showing process steps for 
registering users. 

Figure 5B is a flow diagram showing process steps for 
registering service providers. 

Figure 6 is a flow diagram of process steps for authorizing and 
authenticating an E-commerce transaction according to the present 
invention. 

The use of similar reference numerals in different Figures 
indicates similar or identical items. 

DETAILED DESCRIPTION OF THE PREFERRED 
EMBODIMENTS 

Figure 1 is a block diagram of a computing system 10 for 
executing computer executable process steps according to one 
embodiment of the present invention. A consumer conducting an 
E-commerce transaction may use the computing system of Figure 
1. Computing system 10 is connected to the main E-commerce 
transaction channel (Internet). It is noteworthy that the Figure 1 
block diagram is not limiting and merely illustrative. Other devices 
that allow E-commerce transactions may be used to implement the 
methods and systems of the present invention. For example, 
laptops, notebook computers, a handheld device like the 
Palm-Pilot™, digital or WebTV™ or a remote wireless device 
that can be connected to the Internet or another computer network 
that allows E-commerce transactions may be used instead of the 
computing system of Figure 1. Computing System 10 may also be 
used to host the authorization/authentication system according to 
the present invention. 

Figure 1 includes a host computer 10 and a monitor 11. 
Monitor 11 may be a CRT type, an LCD type, or any other type of 
color or monochrome display. Also provided with computer 10 is a 
keyboard 13 for entering text data and user commands, and a 
pointing device 14 for processing objects displayed on monitor 11. 



Computer 10 includes a computer-readable memory medium 
such as a rotating disk 15 for storing readable data. Besides other 
programs, disk 15 can store application programs including web 
browsers by which computer 10 connects to the Internet and the 
systems described below, according to one aspect of the present 
invention. 

Computer 10 can also access a computer-readable floppy 
disk storing data files, application program files, and computer 
executable process steps embodying the present invention or the 
like via a floppy disk drive 16. A CD-ROM interface (not shown) 
may also be provided with computer 10 to access application 
program files, audio files and data files stored on a CD-ROM. 

A modem, an integrated services digital network (ISDN) 
connection, or the like also provides computer 10 with an Internet 
connection 12 to the World Wide Web (WWW). The Internet 
connection 12 allows computer 10 to download data files, audio 
files, application program files and conduct E-commerce 
transactions. Internet connection 12 provides access to the main 
E-commerce transaction channel. 

Computer 10 is also provided with external audio speakers 
17A and 17B to assist a consumer to listen to any audio files. It is 
noteworthy that a listener may use headphones instead of audio 
speakers 17A and 17B to listen to any audio files. 

Figure 2 is a block diagram showing the internal functional 
architecture of computer 10. As shown in Fig. 2, computer 10 
includes a CPU 201 for executing computer-executable process 
steps and interfaces with a computer bus 208. Also shown in 
Figure 2 are a WWW interface 202, a display device interface 203, 
a keyboard interface 204, a pointing device interface 205, an audio 
interface 209, and a rotating disk 15. Audio Interface 209 allows a 
listener to listen to music, On-line (downloaded using the Internet 
or a private network) or off-line (using a CD). 

As described above, disk 15 stores operating system program 
files, application program files, web browsers, and other files. 
Some of these files are stored on disk 15 using an installation 
program. For example, CPU 201 executes computer-executable 
process steps of an installation program so that CPU 201 can 
properly execute the application program. 



A random access main memory ("RAM") 206 also interfaces 
to computer bus 208 to provide CPU 201 with access to memory 
storage. When executing stored computer-executable process steps 
from disk 15 (or other storage media such as floppy disk 16 or 
WWW connection 12), CPU 201 stores and executes the process 
steps out of RAM 206. 

Read only memory ("ROM") 207 is provided to store 
invariant instruction sequences such as start-up instruction 
sequences or basic input/output operating system (BIOS) 
sequences for operation of keyboard 13. 

Figure 3 shows a typical topology of a computer network 
with computers similar to computer 10, connected to the Internet. 
For illustration purposes, three computers X, Y and Z are shown 
connected to the Internet 302 via Web interface 202 through a 
gateway 301, where gateway 301 can interface N number of 
computers. Web interface 202 may be a modem, network interface 
card or a unit for providing connectivity to other computer systems 
over a network using protocols such as X.25, Ethernet or TCP/IP, 
or any device that allows, directly or indirectly, 
computer-to-computer communications. 

It is noteworthy that the invention is not limited to a 
particular number of computers. Any number of computers that 
can be connected to the Internet 302 or any other computer 
network may be used. 

Figure 3 further shows a second gateway 303 that connects 
a network of web servers 304 and 305 to the Internet 302. Web 
servers 304 and 305 may be connected with each other over a 
computer network. Web servers 304 and 305 can also facilitate 
E-commerce transactions, according to the present 
invention. Web servers 304 and 305 can also host the present 
system that secures E-Commerce transactions. Also shown in 
Figure 3 is a client side web server 308 that can be provided by an 
Internet service provider. 

Figure 4A is a block diagram of the architecture, according 
to one embodiment of the present invention. A user's terminal 401 
communicates with a registry 402. Terminal 401 may be similar to 
computer 10, a laptop computer, a notebook computer, digital TV or 
WebTV, a handheld device or similar device that can be 
connected to the Internet or another network. 



Registry 402 may reside at a web server 304. A user inputs 
user specific information via terminal 401 and the user information 
is transferred to registry 402. 

Figure 4B shows a block diagram of registry module 402 
that includes receiving module 403A that receives requests from 
user terminal 401. Receiving module 403A also communicates with 
a database 403B either to store user information or search for user 
information. 

Receiving module 403A also communicates with Interactive 
Voice Response System ("IVR") 403C that can contact the user via 
an alternate channel 403D (not shown). Alternate channel 403D 
may allow a connection to a mobile or land phone, or two way 
pagers, and/or other devices. One example of IVR 403C is sold by 
Dialogic Corporation 1515 Route 10, Parsippany, NJ 07054, Part 
number D/21H, which is a High Performance 2 Port voice 
processing board. It is noteworthy that the invention is not limited 
to the foregoing IVR 403C as sold by Dialogic Corporation, other 
comparable or similar voice processing boards and/or software 
modules may be used to practice the embodiments under the 
present invention. IVR 403C is used to contact a user for 
authenticating an E-commerce transaction, as described below. 

Figure 4C is a block diagram showing a service point 404 
that communicates with registry 402. Service point 404 allows a 
user via user terminal 401 to conduct an E-commerce transaction. 
Service point 404 may be any commercial web site that can 
facilitate an E-commerce transaction. 

Figure 5A is a flow diagram of executable process steps to 
register a user under the present invention. 

The registration process starts in step S501. 

In step S502, a user enters user specific information. Various 
fields may be used to develop and store user profiles. A user 
interface is provided to a user on a display device similar to display 
device 11. The user may be asked to enter first name, last name, 
middle initials, electronic mail ("email") address, user name, 
password, telephone number either land or mobile, pager number, 
fax number, user address, occupation, and a question that gives a 
user a hint to remember the user password etc. It is noteworthy that 
the present invention is not limited to a particular number of fields 
for creating user profiles. User profile information is sent to registry 
402 in an encrypted form using Secure Socket Layer (SSL) 
technology. SSL is a 40/128 bit encryption process in the TCP/IP 
layer of web browsers, such as Netscape™ and Internet Explorer™. 
Profile information is stored in database 403B. Every user 
chooses a unique username and a password. It is noteworthy that a 
user can update user profile information subsequently. 

In step S503, registry 402 sends an acknowledgement to the 
user that profile information has been received. Receiving module 
403A receives input user information and sends an email or 
facsimile to the user acknowledging that user information has been 
received. Receiving module 403A may also send the 
acknowledgement via a pager etc. 

In step S504, a validation process verifies user information 
sent in step S501. Various levels of security may be used for 
validation. A level 1 validation may request an acknowledgement 
from the user after step S503 via electronic mail, facsimile or a 
telephone call. A level 2 validation may require a user to provide 
documentary evidence to establish user identity, for example, a 
copy of a driver's license, social security number, passport, or birth 
certificate etc. A level 3 validation may require a user to personally 
visit a specific authorization agent, for example, a notary or a 
service that can provide authorization services for validating and 
verifying user identity. 

After user information is validated in step S504, in step 
S505, registry 402 places a telephone call to the user. Such 
telephone calls may be placed to the user's cellular or mobile phone 
or a land phone. Registry 402 uses IVR 403C to place the 
telephone call. The telephone call is placed to the latest telephone 
number provided by the user. 

In step S506, IVR 403C provides a list of options to the user 
and prompts the user to select a mobile digital authentication code 
("MDC") on a designated device. MDC is a user specific code. 
MDC is used to authenticate any future E-commerce transaction 
that may be requested by the user. MDC may be a combination of 
numeric, alpha numeric or special characters. 

In step S507, the user enters the MDC on a designated 
device. The user previously enters information regarding such 
designated device, for example cell phone telephone number etc., in 
step S502. The designated device may be a cell or mobile phone. 
The invention is not limited to a cell or mobile phone. A regular 
land telephone system may be used to enter the MDC. Also other 
devices may be used to enter the MDC. For example, a two-way 
pager may be used to enter the MDC. A smart card may also be 
used to enter the MDC. The Smart Card Industry Association 
(accessible via the Internet at www.scia.org) provides a description 
of Smart card technology. One such description is provided in 
"Smart Cards" by Carol H. Fancher and is incorporated herein by 
reference, available at www.scia.org/knowledgebase/default.htm. 

IVR 403C may also ask the user to confirm MDC more than 
once after the user has entered the MDC for the first time. 

In step S508, MDC is transferred from the designated device 
to registry 402. MDC may be encrypted at the designated device 
before being transferred to registry 402. Various encryption 
techniques may be used to encrypt the MDC before being 
transferred to registry 402. Receiving module 403A receives the 
MDC and links the MDC to user identification number. Thereafter 
the MDC is stored in an encrypted format in database 403B. 
Various encryption techniques may be used to encrypt MDC code 
and store the encrypted code at servers 304 and/or 305 as content 
306 and/or 307. 

Figure 5B is a process flow diagram showing process steps 
for registering service point 404 such that a user may utilize the 
authentication/authorization system according to the present 
invention, while conducting E-commerce transactions. 

In step S500A, service point 404 representative logs on to 
registry 402. 

In step S500B, via service point 404, a service point 
representative enters service point 402 information. Such 
information may include, name of the service point, address, 
telephone number, registration number, service point identification 
number, password and encrypting technique that the service point 
intends to use. 

In step S500C, registry 402 sends an email acknowledging 
receipt of the registration information. The foregoing process 
registers a particular service point 404 to use the secured 
E-commerce transaction system of the present invention. 

Figure 6 is a process flow diagram describing the 
authorization/authentication of an E-commerce transaction, 
according to the present invention. 



In step S601, a user logs onto the website of service point 
404 (e.g., Amazon.com, a Registered Trademark). The user may 
use a computing system 10 to log on to service point 404. Service 
point 404 is previously registered with registry 402 of the present 
invention (Fig. 5B). The user sends a request to service point 404 to 
buy goods and/or services. The user transaction request is received 
by service point 404. User uses a user identification number and a 
password to initiate the transaction. 

In step S602, service point 404 transfers the user request for 
the transaction to registry 402 and in particular to receiving module 
403A. 

In step S603, registry 402 identifies the user based upon 
user identification number and password stored in database 403B. 
Thereafter, receiving module 403A generates a transaction 
identification number that is displayed on service point 404's 
website. The transaction identification number is visible to the user 
on display device 11 while the user is conducting the transaction 
via service point 404's website. 

In step S604, IVR 403C contacts a designated device. If the 
designated device is a telephone, then IVR 403C triggers a 
telephone call to a telephone number provided by the user. It is 
noteworthy that a cell, mobile or land telephone may be used. Also 
other devices may be used for contact between registry 402 and the 
user. For example, a two-way pager may be used. A smart card 
may also be used. The Smart Card Industry Association (accessible 
via the Internet at www.scia.org) provides a description of Smart 
card technology. One such description is provided in "Smart Cards" 
by Carol H. Fancher and is incorporated herein by reference, 
available at www.scia.org/knowledgebase/default.htm. 

In step S605, IVR 403C prompts the user to enter user 
specific MDC along with the transaction identification number as 
seen on the service point 404's webpage. 

In step S606, the user enters the MDC along with the 
transaction identification number. The user enters the MDC in a 
designated device. For example, a mobile or cell phone if the call 
in step S604 is placed to a cell or mobile phone. If the call in step 
S604 is placed to a land phone, then the user may enter the MDC 
via the land phone. As discussed above, other devices may also be 
used to enter the MDC. 



In step S607, the designated device where the MDC is 
entered, transfers the MDC to registry 402. Again, as described in 
step S508 (Fig. 5A), the MDC before being transferred may be 
encrypted. 

In step S608, registry 402 compares user entered MDC with 
user specific MDC stored in database 403B (Figure 5A). Registry 
402 also verifies the user entered transaction identification number 
after comparing it with the transaction identification number 
generated in step S603. 

If the numbers in step S608 match, then in step S609, 
registry 402 authorizes the user requested E-commerce transaction 
request. The authorization data is stored in database 403B. 
Authorization data includes transaction number, date and time of 
transaction as linked to user identification number, password and 
MDC. This can assist service point 402 to repudiate any claims by 
a user that a specific transaction was unauthorized. 
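
The checks of steps S603 to S609, as an added Python sketch that is not the appendix source code of this disclosure: it issues the transaction identification number, compares both numbers keyed in on the alternate channel, and records the authorization data. Assumed here and not taken from the text: the class and method names, in-memory dictionaries standing in for database 403B, a salted PBKDF2 hash in place of the encrypted MDC storage the text describes, an 8-digit transaction number, and a pending transaction number that is discarded after one verification attempt.

```python
import hashlib
import hmac
import secrets
from datetime import datetime, timezone

PBKDF2_ROUNDS = 100_000  # assumption: work factor picked for this sketch


class Registry:
    """Hypothetical stand-in for registry 402 with an in-memory database 403B."""

    def __init__(self):
        self.users = {}           # user_id -> (salt, mdc_hash)
        self.pending = {}         # user_id -> (transaction_id, client_ip)
        self.authorizations = []  # authorization data kept for later disputes

    @staticmethod
    def _hash_mdc(mdc, salt):
        # Assumption: salted hash instead of reversible encryption of the MDC.
        return hashlib.pbkdf2_hmac("sha256", mdc.encode(), salt, PBKDF2_ROUNDS)

    def register_mdc(self, user_id, mdc):
        """Steps S507-S508: store the MDC the user keyed in during the call."""
        salt = secrets.token_bytes(16)
        self.users[user_id] = (salt, self._hash_mdc(mdc, salt))

    def start_transaction(self, user_id, client_ip):
        """Step S603: issue the number shown on the service point's web page."""
        if user_id not in self.users:
            raise KeyError("user is not registered")
        txn_id = f"{secrets.randbelow(10**8):08d}"  # digits only, keypad entry
        self.pending[user_id] = (txn_id, client_ip)
        return txn_id

    def verify_call(self, user_id, entered_mdc, entered_txn_id):
        """Steps S608-S609: compare both numbers entered on the phone."""
        # pop() makes the number single use: a replayed or failed attempt
        # needs a fresh transaction request on the main channel.
        pending = self.pending.pop(user_id, None)
        if pending is None:
            return False
        txn_id, client_ip = pending
        salt, stored_hash = self.users[user_id]
        # Evaluate both comparisons, each in constant time, before deciding.
        mdc_ok = hmac.compare_digest(self._hash_mdc(entered_mdc, salt), stored_hash)
        txn_ok = hmac.compare_digest(entered_txn_id.encode(), txn_id.encode())
        if not (mdc_ok and txn_ok):
            return False
        # Record what the summary lists: number, date and time, IP address.
        self.authorizations.append({
            "user_id": user_id,
            "transaction_id": txn_id,
            "authorized_at": datetime.now(timezone.utc).isoformat(),
            "client_ip": client_ip,
        })
        return True


if __name__ == "__main__":
    registry = Registry()
    registry.register_mdc("user-1", "4921")                 # constructed MDC
    shown = registry.start_transaction("user-1", "203.0.113.7")
    print("number shown on web page:", shown)
    print("authorized:", registry.verify_call("user-1", "4921", shown))
    print("replay accepted:", registry.verify_call("user-1", "4921", shown))
```
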

One advantage of the present invention is that initiation and 
authentication of an E-commerce transaction requires two different 
channels. The main channel provides security for the user to 
request a transaction and obtain a transaction identification 
number. The alternate channel assists in authentication. In order to 
breach the system of the present invention, one will have to know 
the user login identity and password on the main channel, personal 
device details, authentication code on the alternate channel, 
transaction identification number on the main channel and know 
the algorithm used for encrypting all the data during the 
transaction. The probability of simultaneously acquiring the 
foregoing data is quite remote. Hence the present invention 
provides a secure system for E-commerce transactions. 

Another advantage of the present process is that a user must 
enter an authentication code for registration via an alternative 
channel and device, e.g., a cell, mobile or land phone, two-way 
pager or smart cards etc. Hence even if user password is stolen, the 
authentication code is still required to proceed with a transaction. 
This additional channel (authentication code and transaction 
identification number) provides an extra layer of security for 
vulnerable E-commerce transactions. 

Yet another advantage of the present system is that a user 
must enter two sets of numbers, one transaction specific, i.e., the 
transaction identification number, and another user specific, i.e., 
the authentication code. Since the user must be identified prior to 
any transaction by entering the authentication code via an alternate 
channel other than the main E-commerce transaction channel, it 
provides a degree of security that is much more stringent than 
identifying the user by merely a password. 

Yet another advantage of the present system is that users can 
authenticate themselves via a mobile phone. Hence the system is 
flexible. 

Yet another advantage of the present invention is that the 
authentication code is entered on a device (e.g. cell phone or land 
phone etc.) specified by the user. 

Yet another advantage of the present invention is that any 
transaction authorized by registry is stored for future reference. 
Hence any claims by the user or a third party against authorized 
transaction can be repudiated by the stored authorization data. 

Microfiche appendix "A" that is attached hereto contain 
source code in HTML, Java, JavaScript, Visual Basic programming 
language for programming a computer, are a part of the present 
disclosure, and are incorporated by reference in their entirety. The 
attached appendices provide two examples of implementing the 
foregoing aspects of the present invention. It is noteworthy that the 
invention is not limited to the examples in the attached appendices, 
other computer languages may be used to implement the foregoing 
aspects of the present invention. 

Although the present invention has been described with 
reference to specific embodiments, these embodiments are 
illustrative only and not limiting. Many other applications and 
embodiments of the present invention will be apparent in light of 
this disclosure and the following claims. 

CLAIMS 

1. A method for authenticating an electronic commerce 
transaction, comprising: generating a transaction identification 
number upon receiving a user request for the electronic commerce 
transaction; contacting a user requesting the electronic commerce 
transaction; and prompting the user to enter an authentication code 
for verifying user identity. 

2. The method of claim 1, further comprising: prompting the 
user to enter the transaction identification number. 

3. The method of claim 1, further comprising: entering the 
authentication code, wherein the authentication code is entered via 
a mobile telephone. 

4. The method of claim 2, further comprising: entering the 
transaction identification number. 

5. The method of claim 3, further comprising: comparing the 
entered authentication code with a previously stored authentication 
code. 

6. The method of claim 4, further comprising: comparing the 
user entered transaction number to the generated transaction 
number. 

7. A method for registering a user for conducting secured on-line 
electronic commerce transaction, comprising: entering user profile 
information; contacting the user whose profile information is 
entered; and prompting the user to enter an authentication code. 

8. The method of claim 7, further comprising: entering the 
authentication code, wherein the authentication code is entered via 
a mobile phone; and storing the authentication code with user 
profile information. 

9. A system for authorizing and authenticating electronic 
commerce transaction, comprising: a registry module that registers 
users to conduct electronic commerce transactions; and an 
authentication/authorization module, that initiates a telephone to 
verify user identity. 

10. The system of claim 9, wherein the authorization/ 
authentication module includes a database for storing user identity 
data. 

11. The system of claim 10, wherein the authorization/ 
authentication module includes a voice response system that 
provides a menu of options to users to enter user specific 
authentication code. 

12. The method of Claim 3, wherein the authentication code is 
entered via a land phone. 

13. The method of Claim 3, wherein the authentication code is 
entered via a two-way pager. 

14. The method of Claim 1, wherein the user is contacted via a 
cell phone. 

15. The method of Claim 1, wherein the user is contacted by a 
land phone. 

16. The method of Claim 1, wherein the user is contacted via a 
two way pager. 

17. The method of Claim 7, wherein the user is contacted via a 
cell phone. 

18. The method of Claim 7, wherein the user is contacted by a 
land phone. 

19. The method of Claim 7, wherein the user is contacted via a 
two way pager. 

20. The method of Claim 8, wherein the authentication code is 
entered via a land phone. 

21. The method of Claim 8, wherein the authentication code is 
entered via a two-way pager. 

22. The method of Claim 8, wherein the authentication code is 
entered via a smart card. 

23. The method of Claim 3, wherein the authentication code is 
entered via a smart card. 
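
The checks recited in claims 1, 2, 5 and 6 (generate a transaction identification number, then compare the entered authentication code and transaction number with the stored values), as an added Java example that is not part of the patent or its appendices. The class and method names, the 8-digit number length, the 5-minute lifetime and the 3-attempt limit are assumptions; the sample user and code are constructed.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.time.Duration;
import java.time.Instant;
import java.util.HashMap;
import java.util.Map;

// Added illustration, not the appendix code: every name here is hypothetical.
public class OutOfBandVerifier {
    public enum Result { OK, WRONG_CODE, UNKNOWN_OR_EXPIRED, LOCKED }

    private static final Duration TTL = Duration.ofMinutes(5); // assumed lifetime
    private static final int MAX_ATTEMPTS = 3;                 // assumed retry limit

    // One outstanding transaction, bound to the user who requested it.
    private static final class Pending {
        final String userId;
        final Instant expires;
        int attemptsLeft = MAX_ATTEMPTS;
        Pending(String userId, Instant expires) {
            this.userId = userId;
            this.expires = expires;
        }
    }

    private final SecureRandom rng = new SecureRandom();
    private final Map<String, String> authCodes = new HashMap<>(); // userId -> code set at registration
    private final Map<String, Pending> pending = new HashMap<>();  // transaction number -> request

    // Registration (claims 7 and 8): store the code the user entered by phone.
    public synchronized void register(String userId, String authCode) {
        authCodes.put(userId, authCode);
    }

    // Claim 1: generate the transaction number from a CSPRNG so it cannot be
    // predicted; 8 decimal digits so it can be keyed in on a phone.
    public synchronized String beginTransaction(String userId, Instant now) {
        if (!authCodes.containsKey(userId)) {
            throw new IllegalArgumentException("not a registered user");
        }
        String txn;
        do {
            txn = String.format("%08d", rng.nextInt(100_000_000));
        } while (pending.containsKey(txn));
        pending.put(txn, new Pending(userId, now.plus(TTL)));
        return txn;
    }

    // Claims 5 and 6: compare what was entered on the call placed to calledUserId.
    public synchronized Result verify(String calledUserId, String enteredTxn,
                                      String enteredCode, Instant now) {
        Pending p = pending.get(enteredTxn);
        if (p == null || !p.userId.equals(calledUserId)) {
            return Result.UNKNOWN_OR_EXPIRED;       // wrong number or wrong user
        }
        if (now.isAfter(p.expires)) {
            pending.remove(enteredTxn);
            return Result.UNKNOWN_OR_EXPIRED;
        }
        if (enteredCode != null && constantTimeEquals(authCodes.get(p.userId), enteredCode)) {
            pending.remove(enteredTxn);             // single use: a replay finds nothing
            return Result.OK;
        }
        if (--p.attemptsLeft <= 0) {
            pending.remove(enteredTxn);             // stop code guessing on this transaction
            return Result.LOCKED;
        }
        return Result.WRONG_CODE;
    }

    // Comparison whose timing does not depend on where the first mismatch is.
    private static boolean constantTimeEquals(String a, String b) {
        return MessageDigest.isEqual(a.getBytes(StandardCharsets.UTF_8),
                                     b.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) {
        OutOfBandVerifier v = new OutOfBandVerifier();
        Instant t0 = Instant.parse("2001-01-01T00:00:00Z"); // constructed clock value
        v.register("alice", "4821");                        // constructed user and code

        String txn = v.beginTransaction("alice", t0);
        System.out.println("correct entry:  " + v.verify("alice", txn, "4821", t0.plusSeconds(30)));
        System.out.println("replay:         " + v.verify("alice", txn, "4821", t0.plusSeconds(40)));

        String txn2 = v.beginTransaction("alice", t0);
        for (int i = 1; i <= MAX_ATTEMPTS; i++) {
            System.out.println("wrong code #" + i + ":  " + v.verify("alice", txn2, "0000", t0.plusSeconds(60)));
        }

        String txn3 = v.beginTransaction("alice", t0);
        System.out.println("after expiry:   " + v.verify("alice", txn3, "4821", t0.plus(TTL).plusSeconds(1)));
    }
}
```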

APPENDIX "A" 

AUTHENTICATION PROCESS FOR HOMETRADE.COM (A WEBSITE FOR E-COMMERCE 
TRANSACTIONS) 

TREE VIEW 

Files 
  www.cspacetech.com 
    www.hometrade.htm 
      displayrandom.jsp 
      hometrade.jsp 
        MerLogin.java (oyenok.mer.MerLogin) 
        MerLogin.class 

I) HTML FILES 
Columns: No., Name, Description (online), Where to be found 
1. 
2. 
Where to be found: www.hometrade.com 

II) GIF OR JPEG 
http://www.cspacetech.com 
http://203.197.138.75/hometrade.htm 
Where to be found: online, online 

III) JSP FILES 
Columns: No., Name, Where to be found 
displayrandom.jsp 
hometrade.jsp 
Where to be found: \examples\oyenok 

IV) JAVA BEANS (Source files) 
Columns: No., Name, Extension, Where to be found 
MerLogin    .java    classes\oyenok\mer\ 

V) CLASS FILES 
Columns: No., Name, Extension, Description, Where to be found 
2. Class1 
3. _Class1 
4. JIntegraInit 
5. _Class1Proxy 
6. AuthTest 
7. Test 
Where to be found: classes\oyenok\mer\, classes\oyenok\autnew\ 

VI) DLLs 
Columns: No., Name, Extension, Where to be found 
To be filled 

displayrandom.jsp 

<html> 
<head> 
<script language="JavaScript"> 
function timer() { 
setTimeout("window.status='Closing in 10 seconds'", 1000); 
setTimeout("window.status='Closing in 9 seconds'", 2000); 
setTimeout("window.status='Closing in 8 seconds'", 3000); 
setTimeout("window.status='Closing in 7 seconds'", 4000); 
setTimeout("window.status='Closing in 6 seconds'", 5000); 
setTimeout("window.status='Closing in 5 seconds'", 6000); 
setTimeout("window.status='Closing in 4 seconds'", 7000); 
setTimeout("window.status='Closing in 3 seconds'", 8000); 
setTimeout("window.status='Closing in 2 seconds'", 9000); 
setTimeout("window.status='Closing in 1 seconds'", 10000); 
setTimeout("this.close()", 11000); 
} 
</script> 
</head> 

<body onLoad="timer()"> 
<center> 
<font face="Arial">Your Transaction ID is 
<B><%=request.getParameter("random^.")%></B></font> 
</center> 
</body> 
</html> 



hometrade.jsp 

<html> 
<head> 
<title>OyeNok Auth. V</title> 
</head> 

<jsp:useBean id="user" scope="page" class="oyenok.mer.MerLogin"> 
<jsp:setProperty name="user" property="*" /> 
<% if (!user.callUser()) { %> 
<body> 
Not a Registered User 
<% } else { %> 
onLoad-'fo^^ 
ISPATCHER=HTS HPG_004 m > t . 
<center> You are successfully authorized, you will be taken to hometrade.com 
</center> 
<% } %> 
</jsp:useBean> 
</body> 
</html> 



MerLogin.java 

package oyenok.mer; 

import java.sql.*; 

public class MerLogin { 
    String name; 
    String password; 
    String random; 

    public String getName() { 
        return name; 
    } 

    public void setName(String name) { 
        this.name = name; 
    } 

    public void setPassword(String password) { 
        this.password = password; 
    } 

    public void setRandom(String random) { 
        this.random = random; 
    } 

    public boolean callUser() { 
        /* First variant as printed. It stays commented out because the code 
           after its return statements would otherwise be unreachable. 
        try { 
            Class.forName("sun.jdbc.odbc.JdbcOdbcDriver"); 
            Connection con = 
                DriverManager.getConnection("jdbc:odbc:oyenokDSN","sa",""); 
            Statement st = con.createStatement(); 
            String query = "SELECT creditno from USER_DETAILS 
                WHERE userid='" + name + "'"; 
            ResultSet rs = st.executeQuery(query); 
            rs.next(); 
            String ccID = rs.getString(1); 
            oyenok.authenticate.AuthTest obj = new 
                oyenok.authenticate.AuthTest(); 
            obj.setRandom(ccID, random, ""); 
            return obj.authenCall(ccID); 
        } catch(Exception e) { 
            return false; 
        } 
        */ 
        try { 
            Class.forName("sun.jdbc.odbc.JdbcOdbcDriver"); 
            Connection con = 
                DriverManager.getConnection("jdbc:odbc:oyenokDSN","sa",""); 

            // userid and random arrive from the request, so they are bound as 
            // parameters instead of being concatenated into the SQL text. 
            PreparedStatement sel = con.prepareStatement( 
                "SELECT creditno from USER_DETAILS WHERE userid=?"); 
            sel.setString(1, name); 
            ResultSet rs = sel.executeQuery(); 
            if (!rs.next()) { 
                return false;   // no row for this userid 
            } 
            String ccID = rs.getString(1); 

            // Record the transaction number against the user. 
            PreparedStatement upd = con.prepareStatement( 
                "UPDATE USER_DETAILS SET randomno=? WHERE userid=?"); 
            upd.setString(1, random); 
            upd.setString(2, name); 
            upd.executeUpdate(); 

            // Ask the telephony component to call the user. 
            oyenok.autnew.Class1 obj = null; 
            try { 
                String strArr[] = new String[1]; 
                strArr[0] = ccID; 
                com.linar.jintegra.AuthInfo authInfo = new 
                    com.linar.jintegra.AuthInfo("Workgroup", "Administrator", ""); 
                obj = new oyenok.autnew.Class1("10.10.1.36", authInfo); 
                return obj.callNumb(strArr); 
            } catch(Exception e) { 
                System.out.println(e); 
                return false; 
            } finally { 
                com.linar.jintegra.Cleaner.release(obj); 
            } 
        } catch(Exception e) { 
            System.out.println(e); 
            return false; 
        } 
    } 

    public static void main(String args[]) { 
        System.out.println(new MerLogin().callUser()); 
    } 
} 

authentication.dll 

Dim WithEvents VoiceBocx1 As VoiceBocx 
Dim Flag As Boolean 
Dim ivrConn As ADODB.Connection 
Dim ivrRs As ADODB.Recordset 
Dim temp As Integer 

Private Sub Initialize() 
    ' 
    Set VoiceBocx1 = New VoiceBocx 
    Flag = False 
    VoiceBocx1.Log = LOG_Detailed 
    Set chConn = CreateObject("ADODB.Connection") 
    Set chRs = CreateObject("ADODB.Recordset") 
    chConn.Open "samDSN", "sa", "" 

    Set VoiceBocx1 = New VoiceBocx 

    ' Set the Logging level to 'Detailed' 
    VoiceBocx1.Log = LOG_Detailed 

    ' Assign the Trunk Channel from the command line argument (if any) 
    If Len(Command) > 0 Then 
        VoiceBocx1.TrunkChannel = Val(Command) 
    Else 
        ' The default channel is the 1st channel (number zero.) 
        VoiceBocx1.TrunkChannel = 0 
    End If 
End Sub 

Private Sub Terminate() 
    Set VoiceBocx1 = Nothing 
    ivrConn.Close 
    Set ivrRs = Nothing 
    Set ivrConn = Nothing 
End Sub 

Private Sub HandleOutboundCall() 
    Dim random, lInput, lNumber As String 
    Dim ccNo, telno, autId As String 
    Dim flag1 As Boolean 

    If VoiceBocx1.HangupIsRuntimeError = True Then 
        ' MsgBox "Caller HungUP" 
        flag1 = False 
        Flag = False 
    End If 

    If flag1 = False Then 
        'MsgBox ("Playing Welcome Message.") 
        VoiceBocx1.PlayFile ("C:\messages\welcome7.vox") 
        VoiceBocx1.PlayFile ("C:\messages\transId.vox") 
        lInput = VoiceBocx1.GetDigits(13, 20, 15, "#") 
        Dim Length 
        Length = Len(lInput) 
        Length = Length - 1 
        lInput = Mid(lInput, 1, Length) 
        Dim temp1 
        temp1 = ivrRs.Fields(7) & ivrRs.Fields(10) 

        If lInput = Val(temp1) Then 
            VoiceBocx1.PlayFile ("C:\messages\thanks0.vox") 
            'MsgBox "The User is Authenticated" 
            Flag = True 
        Else 
            MsgBox "The user is invalid" 
            VoiceBocx1.PlayFile ("C:\messages\notautherror.vox") 
            Flag = False 
        End If 

ErrorTrap: 
        ' If it is a hangup, exit normally 
        If VoiceBocx1.TrunkStateName = "RemoteDisconnected" Then 
            ' MsgBox ("Caller hung up.") 
            Call VoiceBocx1.DisconnectCall 
            Call Terminate 
        End If 
    End If 
End Sub 

Public Function DialNumb(ccNum As String) As Boolean 
    Set ivrConn = CreateObject("ADODB.Connection") 
    Set ivrRs = CreateObject("ADODB.Recordset") 
    ivrConn.Open "chDSN", "sa", "" 

    'MsgBox "Inside Testing Again" 
    Call Initialize 

    sql = "Select * from user_details where creditno ='" & _ 
        ccNum & "'" 

    ivrRs.Open sql, ivrConn, adOpenDynamic, adLockOptimistic 
    phoneNumber$ = ivrRs.Fields(4) 
    Call VoiceBocx1.MakeCall(phoneNumber$, True) 

    Select Case (VoiceBocx1.TrunkStateName) 
    Case "Connected" 
        If (VoiceBocx1.GlareDetected) Then 
            ' MsgBox "Glare - Connected Inbound" 
            Call VoiceBocx1.DisconnectCall 
            Call Terminate 
        End If 
        ' MsgBox "Connected Outbound" 
        Call HandleOutboundCall 
    Case "NoConnect" 
        ' MsgBox "NoConnect" 
    End Select 
    ivrRs.Close 

    Call Terminate 
    DialNumb = Flag 
End Function 

APPENDIX "B" 

AUTHENTICATION PROCESS FOR BUYBOOK.COM (A WEBSITE FOR E-COMMERCE 
TRANSACTIONS) 

TREE VIEW 

Files 
  buybook.htm 
    1. displayrandom.jsp 
    2. authenticate.jsp 
      1. Eventupdate.class + Eventupdate.java (oyenok.authenticate.Eventupdate) 

I) HTML FILES 
No.  Name         Description                   Where to be found 
1.   buybook.htm  The simulated Buy Book Site   \examples\oyenok\ 

II) GIFs OR JPEGs 
No.  Name                           Where to be found 
1    certified.gif                  examples\oyenok\images\ 
2    wpe2.gif 
3    wpe3.gif 
4    icon-vhs.gif 
5    sbutton-save-for-later.gif 
6    sbutton-delete.gif 
7    icon-books.gif 
8    sbutton-save-for-later.gif 
9    sbutton-delete.gif 
10   icon-vhs.gif 
11   sbutton-save-for-later.gif 
12   sbutton-delete.gif 
13   wpe4.gif 
14   tokila.gif 
15   0130893404.01.MZZZZZZZ.jpg 
16   1861003625.01.MZZZZZZZ.jpg 

III) JSP FILES 
No.  Name               Where to be placed 
1.   displayrandom.jsp  \examples\oyenok\ 
2.   authenticate.jsp   \examples\oyenok\ 

IV) JAVA BEANS (Source files) 
No.  Name         Extension  Description  Where to be placed 
1.   Eventupdate  .java                   \classes\oyenok\authenticate\ 

V) CLASS FILES 
No.  Name         Extension  Description  Where to be placed 
1.   Eventupdate  .class                  \classes\oyenok\authenticate\ 

VI) DLLs 
No.  Name         Extension  Description  Where to be placed 
To be filled 

Buybook.htm 

<html> 
<head> 
<meta http-equiv="Content-Language" content="en-us"> 
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252"> 
<title>ABC Book Stall</title> 
<script language="javascript"> 
function creditcheck() 
{ 
} 
</script> 
</head> 
<body> 
<table width="91%" border="0" cellpadding="0" cellspacing="0" height="576"> 
<tr> 
<td width="17%" rowspan="2" valign="top" align="left" bgcolor="#FFCC99" 
height="576"> 
<table width="100%" border="0" cellpadding="0" height="467"> 
<tr> 
<td width="100%" height="140" valign="top" align="left"><img border="0" 
src="certified.gif" align="right" width="136" height="134"></td> 
</tr> 
<tr> 
<td width="100%" height="21"></td> 
</tr> 
<tr> 
<td width="100%" height="33"> 
<table width="100%" border="0" cellpadding="0" cellspacing="0"> 
<tr> 
<td width="13%"></td> 
<td width="77%" bgcolor="#C0C0C0" bordercolor="#000000"> 
<p align="center">Home 
</td> 
<td width="10%"></td> 
</tr> 
</table> 
</td> 
</tr> 
<tr> 
<td width="100%" height="33"> 
<table width="100%" border="0" cellpadding="0" cellspacing="0"> 
<tr> 
<td width="12%"> </td> 
<td width="75%" bgcolor="#C0C0C0"> 
<p align="center">Library 
</td> 
<td width="10%"> </td> 
</tr> 
</table> 
</td> 
</tr> 
<tr> 
<td width="100%" height="33"> 
<table width="101%" border="0" cellpadding="0" cellspacing="0"> 
<tr> 
<td width="12%"> </td> 
<td width="76%" bgcolor="#C0C0C0"> 
<p align="center">Research 
</td> 
<td width="13%"> </td> 
</tr> 
</table> 
</td> 
</tr> 
<tr> 
<td width="100%" height="33"> 
<table width="100%" border="0" cellpadding="0" cellspacing="0"> 
<tr> 
<td width="12%"> </td> 
<td width="77%" bgcolor="#C0C0C0"> 
<p align="center">Online Notes 
</td> 
<td width="11%"> </td> 
</tr> 
</table> 
</td> 
</tr> 
<tr> 
<td width="100%" height="33"> 
<table width="100%" border="0" cellpadding="0" cellspacing="0"> 
<tr> 
<td width="13%"> </td> 
<td width="76%" bgcolor="#C0C0C0"> 
<p align="center">Security 
</td> 
<td width="11%"></td> 
</tr> 
</table> 
</td> 
</tr> 
<tr> 
<td width="100%" height="33"> 
<table width="100%" border="0" cellpadding="0" cellspacing="0"> 
<tr> 
<td width="13%"> </td> 
<td width="76%" bgcolor="#C0C0C0"> 
<p align="center">Author's Notes 
</td> 
<td width="11%"> </td> 
</tr> 
</table> 
</td> 
</tr> 
<tr> 
<td width="100%" height="21"> </td> 
</tr> 
<tr> 
<td width="100%" height="21"> </td> 
</tr> 
<tr> 
<td width="100%" height="21"> </td> 
</tr> 
<tr> 
<td width="100%" height="21"> </td> 
</tr> 
<tr> 
<td width="100%" height="21"></td> 
</tr> 
<tr> 
<td width="100%" height="21"></td> 
</tr> 
</table> 
</td> 
<td width="83%" valign="top" align="left" height="540"> 
<table width="99%" border="0" cellpadding="0" cellspacing="0" height="463"> 
<tr> 
<td width="64%" height="58" valign="baseline" align="center"><img border="0" 
src="wpe2.gif" width="368" height="43" align="left"><img border="0" src="wpe3.gif" 
width="233" height="43" align="right"></td> 
<td width="36%" height="58" valign="top" align="left"></td> 
</tr> 
<tr> 
<td width="64%" height="442"> 
<table border="0" width="231" cellspacing="0" cellpadding="0" height="167"> 
<tr> 
<td width="24"> </td> 
<td width="247"><font face=verdana,arial,helvetica size=-1><b>Shopping Cart Items— 
To Buy Now</b></font></td> 
<td width="26"> 
<div align="center"><font face=verdana,arial,helvetica size=-1>Qty.</font></div> 
</td> 
<td width="52"> </td> 
<td width="161"> </td> 
</tr> 
<tr> 
<td width="24" valign="TOP"> 
<img alt="Icon" border="0" src="images/icon-vhs.gif" width="22" height="22"> 
</td> 
<td bgcolor="#FFFFFF" width="247"> 
<a href="/exec/obidos/ASIN/B00000K02F/104-7652825-2097546"><em>Prenatal Yoga 
with Colette Crawford</em></a> 
<br> 
<b>VHS</b> 
<br> 
Usually ships in 24 hours<BR> 
</td> 
<td align=center bgcolor="#FFFFFF" width="26"> 
<input type="text" name=quantity.B00000K02F size=4 maxlength=4 value=1> 
</td> 
<td width="52" bgcolor="#FFFFFF"> 
<font size=2 face=verdana,arial,helvetica color=#000000> 
<NOBR><b>Our Price: <font color=#990000>$24.95</font></b></NOBR><br> 
</font> 
</td> 
<td align=right width="161"> 
<input border="0" name="submit.move-to-save.B00000K02F" 
src="images/sbutton-save-for-later.gif" type="image" value="Save item" width="70" height="14"> 
<p> <input align="right" border="0" name="submit.delete.B00000K02F" 
src="images/sbutton-delete.gif" type="image" value="Delete item" width="42" 
height="16"> 
</td> 
</tr> 
<tr> 
<td colspan=5 width="467"> 
</td> 
</tr> 
<tr> 
<td width="24" valign="TOP"> 
<img alt="Icon" border="0" src="images/icon-books.gif" width="22" height="22"> 
</td> 
<td bgcolor="#FFFFFF" width="247"> 
<a href="/exec/obidos/ASIN/0130893404/104-7652825-2097546"><em>Core Servlets 
and JavaServer Pages (JSP)</em></a> 
<br> 
Marty Hall; 
<b>Paperback</b> 
<br> 
Usually ships in 24 hours<BR> 
</td> 
<td align=center bgcolor="#FFFFFF" width="26"> 
<input type="text" name=quantity.0130893404 size=4 maxlength=4 value=1> 
</td> 
<td width="52" bgcolor="#FFFFFF"> 
<font size=2 face=verdana,arial,helvetica color=#000000> 
<NOBR>List Price: <strike>$42.99</strike></NOBR><br> 
<NOBR><b>Our Price: <font color=#990000>$34.39</font></b></NOBR><br> 
<NOBR>You Save: <font color=#990000>$8.60 (20%)</font></NOBR> 
</font> 
</td> 
<td align=right width="161"> 
<input border="0" name="submit.move-to-save.B00000K02F" 
src="images/sbutton-save-for-later.gif" type="image" value="Save item" width="70" height="14"> 
<p> 
<input align="right" border="0" name="submit.delete.B00000K02F" 
src="images/sbutton-delete.gif" type="image" value="Delete item" width="42" 
height="16"> 
</td> 
</tr> 
<tr> 
<td colspan=5 width="467"> 
</td> 
</tr> 
<tr> 
<td width="24" valign="TOP"> 
<img border=0 width=22 height=22 src=images/icon-vhs.gif alt=Icon> 
</td> 
<td bgcolor="#FFFFFF" width="247"> 
<a href="/exec/obidos/ASIN/0783222955/104-7652825-2097546"><em>To Kill a 
Mockingbird</em></a> 
(1969) 
<br> 
Gregory Peck; 
<b>VHS</b>; Widescreen 
<br> 
Usually ships in 24 hours<BR> 
</td> 
<td align=center bgcolor="#FFFFFF" width="26"> 
<input type="text" name=quantity.0783222955 size=4 maxlength=4 value=1> 
</td> 
<td width="52" bgcolor="#FFFFFF"> 
<font size=2 face=verdana,arial,helvetica color=#000000> 
<NOBR>List Price: <strike>$19.98</strike></NOBR><br> 
<NOBR><b>Our Price: <font color=#990000>$13.99</font></b></NOBR><br> 
<NOBR>You Save: <font color=#990000>$5.99 (30%)</font></NOBR> 
</font> 
</td> 
<td align=right width="161"> 
<input border="0" name="submit.move-to-save.B00000K02F" 
src="images/sbutton-save-for-later.gif" type="image" value="Save item" width="70" height="14"> 
<p> 
<input align="right" border="0" name="submit.delete.B00000K02F" 
src="images/sbutton-delete.gif" type="image" value="Delete item" width="42" 
height="16"> 
</td> 
</tr> 
<tr> 
<td colspan=5 width="467"> 
</td> 
</tr> 
<tr> 
<td align=right colspan=2 valign=middle width="273"> 
If you changed any quantities, please start again. 
</td> 
<td valign=middle width="26"> 
</td> 
<td colspan=2 width="215"> 
<font face=verdana,arial,helvetica size=-1><b>Subtotal: <font 
color=#990000>$73.33  </font></b><p> 
</font> 
</td> 
</tr> 
<tr> 
<td align=right colspan=5 valign=middle width="513"> 
<table cellspacing="0" cellpadding="4" border="0" width="707"> 
<tr> 
<td colspan="2" bgcolor="#EEEECC" width="175"><b><font 
face="verdana,arial,helvetica" size="1">Payment 
Method</font></b></td> 
<td bgcolor="#EEEECC" width="221"><b><font face="verdana,arial,helvetica" 
size="1">Credit 
Card No.</font></b></td> 
<td bgcolor="#EEEECC" nowrap width="197"><font size="1"> <b><font 
face="verdana,arial,helvetica">Expiration 
Date</font></b> </font></td> 
<td bgcolor="#EEEECC" nowrap width="156"><font size="1"> <b><font 
face="verdana,arial,helvetica">Cardholder's 
Name</font></b> </font></td> 
</tr> 
<form name="transact" method="post" action=""> 
<tr> 
<td width="18"><input type="radio" value="new-card" name="payment-method" 
checked></td> 
<td width="145"><select name="issuer"> 
<option value="V">Visa 
<option value="M">MasterCard 
<option value="A"> American Express 
<option value="1">Diners Club 
<option value="D">Discover 
<option value="J"> JCB 
</select></td> 
<td width="221"><input type="text" size="3" name="card1" onblur="creditcheck()">- 
<input type="text" size="3" name="card2" onblur="creditcheck()">-<input type="text" 
size="3" name="card3" onblur="creditcheck()">-<input type="text" size="3" 
name="card4" onblur="creditcheck()"> </td> 
<td width="197"><nobr><select name="cc-exp-month"> 
<option value="01">01 
<option value="02">02 
<option value="03">03 






WO 02/19614 



PCT/IN01/00102 



<option value="04">04 
<option value="05">05 
<option value="06">06 
<option value="07">07 
<option value="08">08 
<option value="09">09 
<option value="10">10 
<option value="11">11 
<option value="12">12 
</select><select name="cc-exp-year"> 
<option value="2000">2000 
<option value="2001">2001 
<option value="2002">2002 
<option value="2003">2003 
<option value="2004">2004 
<option value="2005">2005 
<option value="2006">2006 
<option value="2007">2007 
<option value="2008">2008 
<option value="2009">2009 
<option value="2010">2010 
<option value="2011">2011 
<option value="2012">2012 
<option value="2013">2013 
<option value="2014">2014 
<option value="2015">2015 
<option value="2016">2016 
<option value="2017">2017 
<option value="2018">2018 
</select></nobr></td> 
<td width="156"><input type="text" size="20" value name="cardholder-name"></td> 
</tr> 
<tr> 
<td width="18"></td> 
<td width="145">Enter OyeNok ID (If already registered)</td> 
<td width="221"><input type="text" size="20" name="card-number"></td> 
<td width="197"><p align="center"><a href="authenticate.htm"><font 
face="Bookman Old Style" size="2">Submit</font></a></td> 
<td width="156"> 
<nobr>If not Registered</nobr> <a href="signup.htm">Click 
here</a></td> 
</tr> 
<tr> 
<td width="18" valign="top"><input type="radio" value="check" name="payment-method"></td> 
<td valign="top" colspan="4" width="658"><font face="verdana,arial,helvetica" 
size="-1">Pay 




by check or money order</font>&nbsp; <font face="verdana,arial,helvetica" 
size="-2">(or check funds on 
account)</font></td> 
</tr> 
</table> 
</td> 
</tr> 
</form> 
</table> 
</td> 
<td width="36%" height="442" valign="top" align="left"> 
<table border="0" width="100%" cellspacing="0" cellpadding="0" 
height="458"> 
<tr> 
<td width="5%" height="458" valign="top" align="left"> 
<table border="0" width="1%" bgcolor="#9A9EB4" cellspacing="0" 
cellpadding="0"> 
<tr> 
<td width="100%"> 
<p>&nbsp;</p> <p>&nbsp;</p> <p>&nbsp;</p> <p>&nbsp;</p> 
<p>&nbsp;</p> <p>&nbsp;</p> <p>&nbsp;</p> <p>&nbsp;</p> 
<p>&nbsp;</p> <p>&nbsp;</p> <p>&nbsp;</p> <p>&nbsp;</p> 
<p>&nbsp;</p> <p>&nbsp;</p> 
</td> 
</tr> 
</table> 
</td> 
<td width="95%" valign="top" align="left" height="458"> 
<img border="1" src="images/wpe4.gif" width="95" height="62"><img 
align="left" border="1" hspace="5" src="images/tokila.gif" vspace="3" width="76" 
height="140"> 
<p>&nbsp;</p> <p>&nbsp;</p> <p>&nbsp;</p> <p>&nbsp;</p> 
<p><img align="left" border="1" hspace="5" 
src="http://images.amazon.com/images/P^ 
width="105" height="140"></p> 
<p>&nbsp;</p> <p>&nbsp;</p> <p>&nbsp;</p> 
<p>&nbsp;</p> 
<p><img align="left" border="1" hspace="5" 
src="http://images.amazon.com/images/P/1861003625.01.MZZZZZZZ.jpg" vspace="3" 
width="111" height="140"> 
</p> 
<p>&nbsp;</p> 
<p>&nbsp;</p> 
<p>&nbsp;</p> 
<p>&nbsp; 
</td> 
</tr> 
</table> 
</td> 
</tr> 
<tr> 
<td width="64%" height="1" valign="top" align="left"> 
</td> 
<td width="36%" height="1" valign="top" align="left"> 
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 
</td> 
</tr> 
</table> 
</td> 
</tr> 
<tr> 
<td width="83%" valign="baseline" align="left" height="36"> 
<p align="center"><font face="Garamond" size="2">Home | Library | 
Research | Online notes | Security | Author's notes</font></p> 
</td> 
</tr> 
</table> 

</body> 

</html> 



<html> 

<body> <jsp:useBean id="authenid" scope="page" class="oyenok.^t.AuthTest"> 
<% authenid.setRandom(request.getParameter("creditcardno"), 

You are Successfully Authenticated 

<% } else { %> 

Sorry, the Authentication failed. 

<% } %> 

</jsp:useBean> 

</body> 

</html> 

displayrandom.jsp 

<html> 
<head> 
<script language="JavaScript"> 
function timer() { 
setTimeout("window.status='Closing in 10 seconds'", 1000); 
setTimeout("window.status='Closing in 9 seconds'", 2000); 
setTimeout("window.status='Closing in 8 seconds'", 3000); 
setTimeout("window.status='Closing in 7 seconds'", 4000); 
setTimeout("window.status='Closing in 6 seconds'", 5000); 
setTimeout("window.status='Closing in 5 seconds'", 6000); 
setTimeout("window.status='Closing in 4 seconds'", 7000); 
setTimeout("window.status='Closing in 3 seconds'", 8000); 
setTimeout("window.status='Closing in 2 seconds'", 9000); 
setTimeout("window.status='Closing in 1 seconds'", 10000); 
setTimeout("this.close()", 11000); 
} 
</script> 
</head> 

<body onLoad="timer()"> 
<center> 
Your Transaction ID is <%=request.getParameter("randomval")%> 
</center> 
</body> 
</html> 



Eventupdate.java 

package oyenok.authenticate; 

import java.io.*; 
import java.util.*; 
import java.sql.*; 

public class Eventupdate { 

String eventid,event,process,userid,time,status,servertime; 

public Eventupdate(){ } 

public void setEventid(String eventid) { 
this.eventid = eventid; 
} 

public void setEvent(String event) { 
this.event = event; 
} 

public void setProcess(String process) { 
// The printed listing assigned "event" here; the setter stores its own argument. 
this.process = process; 
} 

public void setUserid(String userid) { 
this.userid = userid; 
} 

public void setTime(String time) { 
this.time = time; 
} 

public void setStatus(String status) { 
this.status = status; 
} 

public void setServertime(String servertime) { 
this.servertime = servertime; 
} 

public boolean setEvents() { 
try { 
Class.forName("sun.jdbc.odbc.JdbcOdbcDriver"); 

Connection con = 
DriverManager.getConnection("jdbc:odbc:OyenokDSN","sa",""); 

Statement st = con.createStatement(); 

String query = H INSERT INTO dyenok events ( 
values( tt +"'"+eventid+"7"+even^ 
erverthne+" , ) , \ 

st.executeUpdate(query); 

}catch(Exception e) { System.out.println(e); } 
return true; 

} 

public static void main(String s[]){ 

Eventupdate objeventupdate = new Eventupdate(); 

try { 

objeventupdate.setEvents(W 

i" * 12/12/99"); 

}catch(Exception e) {System.out.println(e);} 

} 

//String eventid, String event, String process, String userid,Stririg time, String status, 
//String servertijme 



authentication.dll 

Dim WithEvents VoiceBocx1 As VoiceBocx 
Dim Flag As Boolean 
Dim ivrConn As ADODB.Connection 
Dim ivrRs As ADODB.Recordset 
Dim temp As Integer 

Private Sub Initialize() 
    ' 
    Set VoiceBocx1 = New VoiceBocx 
    Flag = False 
    VoiceBocx1.Log = LOG_Detailed 
    Set chConn = CreateObject("ADODB.Connection") 
    Set chRs = CreateObject("ADODB.Recordset") 
    chConn.Open "samDSN", "sa", "" 

    Set VoiceBocx1 = New VoiceBocx 

    ' Set the Logging level to 'Detailed' 
    VoiceBocx1.Log = LOG_Detailed 

    ' Assign the TrunkChannel from the command line argument (if any) 
    If Len(Command) > 0 Then 
        VoiceBocx1.TrunkChannel = Val(Command) 
    Else 
        ' The default channel is the 1st channel (number zero.) 
        VoiceBocx1.TrunkChannel = 0 
    End If 
End Sub 

Private Sub Terminate() 
    Set VoiceBocx1 = Nothing 
    ivrConn.Close 
    Set ivrRs = Nothing 
    Set ivrConn = Nothing 
End Sub 

Private Sub HandleOutboundCall() 
    Dim random, lInput, lNumber As String 
    Dim ccNo, telno, autId As String 
    Dim flag1 As Boolean 

    If VoiceBocx1.HangupIsRuntimeError = True Then 
        ' MsgBox "Caller HungUP" 
        flag1 = False 
        Flag = False 
    End If 

    If flag1 = False Then 
        'MsgBox ("Playing Welcome Message.") 
        VoiceBocx1.PlayFile ("C:\messages\welcome7.vox") 
        VoiceBocx1.PlayFile ("C:\messages\transId.vox") 
        lInput = VoiceBocx1.GetDigits(13, 20, 15, "#") 
        Dim Length 
        Length = Len(lInput) 
        Length = Length - 1 
        lInput = Mid(lInput, 1, Length) 
        Dim temp1 
        temp1 = ivrRs.Fields(7) & ivrRs.Fields(10) 
        If lInput = Val(temp1) Then 
            VoiceBocx1.PlayFile ("C:\messages\thanks0.vox") 
            'MsgBox "The User is Authenticated" 
            Flag = True 
        Else 
            MsgBox "The user is Invalid" 
            VoiceBocx1.PlayFile ("C:\messages\notautherror.vox") 
            Flag = False 
        End If 

ErrorTrap: 
        ' If it is a hangup, exit normally 
        If VoiceBocx1.TrunkStateName = "RemoteDisconnected" Then 
            ' MsgBox ("Caller hung up.") 
            Call VoiceBocx1.DisconnectCall 
            Call Terminate 
        End If 
    End If 
End Sub 

Public Function DialNumb(ccNum As String) As Boolean 
    Set ivrConn = CreateObject("ADODB.Connection") 
    Set ivrRs = CreateObject("ADODB.Recordset") 
    ivrConn.Open "chDSN", "sa", "" 

    'MsgBox "Inside Testing Again" 
    Call Initialize 

    sql = "Select * from user_details where creditno ='" & _ 
        ccNum & "'" 

    ivrRs.Open sql, ivrConn, adOpenDynamic, adLockOptimistic 
    phoneNumber$ = ivrRs.Fields(4) 
    Call VoiceBocx1.MakeCall(phoneNumber$, True) 

    Select Case (VoiceBocx1.TrunkStateName) 
    Case "Connected" 
        If (VoiceBocx1.GlareDetected) Then 
            MsgBox "Glare - Connected Inbound" 
            Call VoiceBocx1.DisconnectCall 
            Call Terminate 
        End If 
        MsgBox "Connected Outbound" 
        Call HandleOutboundCall 
    Case "NoConnect" 
        MsgBox "NoConnect" 
    End Select 
    ivrRs.Close 

    Call Terminate 
    DialNumb = Flag 
End Function 

(57) When a client server is permitted to be connected to a 
network through a first access point based on authentication by 
an authentication server, the authentication server informs the 
first access point of an encipher key such as a WEP key used for 
encipher communication between the client device and the first 
access point. Then, when the client device is moved to a 
communicable range of a second access point, the authentication 
server creates no new encipher keys but informs the second access 
point of the encipher key used for the encipher communication 
with the first access point, whereby encipher communication is 
executed between the client device and the second access point by 
using the same encipher key as that used for the encipher 
communication with the first access point. 
Description

BACKGROUND OF THE INVENTION

Field of the Invention

[0001] The present invention relates to a communication system, in which a server device informs an access point of an encipher key used when a client terminal performs communication through the access point.

Description of the Related Art

[0002] Conventionally, in a wireless LAN system, a client terminal has been connected to a network through wireless communication with an access point on the network.

[0003] There is also a wireless LAN system, in which a client terminal receives authentication of connection to a network through an access point from an authentication server on a network.

[0004] In such a system, when the client terminal receives authentication from the authentication server, the client terminal and the authentication server create an encipher key of a wired equivalent privacy (WEP) encipher system, and the authentication server informs the access point of the created encipher key. Then, the client terminal transfers enciphered data with the access point by using the encipher key of the WEP encipher system to perform secure wireless communication.

[0005] Incidentally, a communicable range of the access point is limited to a range reached by electric waves. On the other hand, the client terminal can be freely moved. Accordingly, the client terminal may be moved from a communicable range of an access point 1 to a communicable range of an access point 2. In this case, the client terminal must receive authentication of connection to the network from the authentication server again through wireless communication with the access point 2, the client terminal and the authentication server must create a new WEP key, and the authentication server must inform the access point 2 of the new WEP key.

[0006] That is, when the client terminal changed the access point, re-authentication from the authentication server, creation of a new WEP key, informing of a WEP key, and the like prolonged the process until communication became possible. Consequently the process took time.

[0007] In addition, in a system of many client terminals, since authentication and creation of a WEP key prolonged a process, a load on an authentication server inevitably became large.

[0008] Furthermore, since the process took time when the access point was changed, usability was reduced.

SUMMARY OF THE INVENTION

[0009] A concern of the present invention is to improve usability of a system and a device.

[0010] Another concern of the present invention is to shorten time until communication becomes possible when a client terminal changes an access point.

[0011] Yet another concern of the present invention is to reduce a process when a client terminal changes an access point.

[0012] Other features of the present invention will become apparent upon reading of detailed description and drawings.

BRIEF DESCRIPTION OF THE DRAWINGS

[0013]

FIG. 1 is a configuration view of a system according to an embodiment of the present invention.
FIG. 2 is a block diagram of an access point according to the embodiment of the invention.
FIG. 3 is a block diagram of a client terminal according to the embodiment of the invention.
FIG. 4 is a sequential view showing a system operation according to the embodiment of the invention.
FIG. 5 is a sequential view of the system operation according to the embodiment of the invention.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS

[0014] Next, description will be made of an embodiment of the present invention.

[0015] FIG. 1 is a configuration view of a system according to the embodiment of the invention.

[0016] A reference numeral 101 denotes a network, to which an access point A103, and an access point B104 are connected. The two access points are shown in FIG. 1, but the number of installed points is not limited to two. Each of the access points A103 and B104 can perform wireless communication with a client terminal 105 present in communicable ranges 106, 107. According to the embodiment, as a wireless communication system, a wireless local area network (LAN) based on a standard such as IEEE 802.11, IEEE 802.11b, or IEEE 802.11a is used.

[0017] The reference numeral 105 is the client terminal, which is connected to the network 101 through wireless communication with the access point A103 or B104. Though not shown in FIG. 1, a plurality of client terminals 105 may be present.

[0018] A reference numeral 102 denotes an authentication server, which authenticates the client terminal 105 connected to the network 101, and creates an encipher key used in a wired equivalency privacy (WEP) encipher system.

[0019] FIG. 2 is a block diagram of the access point A103.

[0020] A case of the access point B104 is similar.

[0021] A reference numeral 201 denotes a wireless unit, which transfers wireless data. The wireless unit 201 is constituted of a transmission unit 210, a reception unit 211, and an antenna 212.

[0022] A reference numeral 202 denotes a signal process unit, which detects a signal received by the reception unit 211 to convert it into a digital signal, and modulates the signal in order to transmit a digital signal sent from a data process unit 203 by wireless. In addition, the signal process unit 202 has a function of adding a header or the like in order to use data sent from the data process unit 203 for wireless transmission, and removing a header or the like from received data to send it to the data process unit 203.

[0023] The reference numeral 203 is the data process unit which is constituted of a transmission data process unit 205 for enciphering data from a network interface 208 by a WEP encipher system, and a reception data process unit 206 for decoding enciphered data.

[0024] A reference numeral 204 denotes a control unit, which executes determination of presence of a new client terminal 105, control of the entire access point A103, and the like.

[0025] A reference numeral 207 denotes a storage unit, which stores an encipher key for WEP enciphering, and information regarding an ID or the like of the client terminal 105.

[0026] The reference numeral 208 is the network interface, which is an interface between the access point A103 and the network 101.

[0027] FIG. 3 is a block diagram of the client terminal 105.

[0028] The client terminal 105 of the embodiment is constituted of a wireless communication card.

[0029] Functions similar to those of the access point A103 shown in FIG. 2 are denoted by similar numerals.

[0030] A reference numeral 301 denotes a data communication interface, which is connected to an information processor such as a personal computer to perform data communication.

[0031] A reference numeral 302 denotes a storage unit, which stores an encipher key for WEP enciphering, and information regarding an ID or the like of the client terminal 105 necessary for wireless communication with the access point A103 or the access point B104. According to the embodiment, as an ID of the client terminal 105, a media access control (MAC) address is used.

[0032] Next, description will be made of an operation of the entire system of the embodiment with reference to the drawings.

[0033] First, a process of first connection of the client terminal 105 to the network 101 through the access point A103 is explained by referring to a sequential view of FIG. 4.

[0034] The client terminal 105 executes open authentication in the wireless LAN to be connected to the access point A103 (S401).

[0035] The access point A103 obtains an ID of the client terminal 105 (S402).

[0036] The access point A103 informs the authentication server 102 of the ID of the client terminal 105 (S403).

[0037] The authentication server 102 determines whether authentication for the connection of the client terminal 105 to the network 101 has been finished or not, based on the ID informed from the access point A103 (S404). The client terminal 105 makes the connection for the first time, and the authentication has not been finished. Thus, it is determined that the authentication has not been finished.

[0038] The authentication server 102 requests the client terminal 105 to input a user name and a password (S405).

[0039] The client terminal 105 inputs the user name and the password (S406).

[0040] In order to enhance secrecy of the user name and the password inputted in step S406, the client terminal 105 executes irreversible numerical value processing called one-way hash, and informs the authentication server 102 of its one-way hash data (S407).

[0041] The authentication server 102 collates the one-way hash data informed in step S407 with a data group regarding a user for permitting connection to the network 101, which is saved in a database in the authentication server 102. If a result of the collation shows coincident data, the connection to the network 101 is permitted to the client terminal 105, and the ID of the client terminal 105 is stored (step S408).

[0042] The client terminal 105 and the authentication server 102 create an encipher key called a WEP session key (S409). The WEP session key is an encipher key, which is used in the WEP encipher system, and valid only for enciphering traffic of the client terminal 105.

[0043] The authentication server 102 stores the created WEP session key in association with the ID of the client terminal 105, and informs it to the access point A103 (S410).

[0044] The access point A103 enciphers a broadcast key with the WEP session key (S411), and sends the enciphered broadcast key to the client terminal 105 (S412). The broadcast key is an encipher key, which is used when data broadcast from the access point A103 to a plurality of client terminals 105 is enciphered.

[0045] The client terminal 105 decodes the enciphered broadcast key by using the WEP session key created in step S409 to obtain a broadcast key (S413).

[0046] The access point A103 and the client terminal 105 start WEP encipher sequences (S414, S415).

[0047] Then, in communication with one client terminal 105 (point-to-point communication), the access point A103 transfers data enciphered with the WEP session key to perform secure wireless communication (S416). In broadcast communication with a plurality of client terminals 105 (point-to-multipoint communication), the access point A103 transfers data enciphered with the broadcast key to perform secure wireless communication (S416).

[0048] FIG. 5 shows a sequential view of an operation when the client terminal 105, for which authentication of its connection to the network 101 through the access point A103 has been finished, is moved from the communicable range 106 of the access point A103 to the communicable range 107 of the access point B104 to be connected to the network 101 through the access point B104.

[0049] The client terminal 105 is moved out of the communicable range 106 of the access point A103 to be incommunicable with the access point A103 (S501). Then, the client terminal 105 is moved into the communicable range 107 of the access point B104 to be communicable with the access point B104.

[0050] The client terminal 105 executes open authentication to be connected to the access point B104 (S502).

[0051] The access point B104 obtains an ID of the client terminal 105 (S503).

[0052] The access point B104 informs the authentication server 102 of the ID of the client terminal 105 (S504).

[0053] The authentication server 102 determines whether authentication for the connection of the client terminal 105 to the network 101 has been finished or not, based on the ID informed in step S504, and the stored ID of the client terminal 105, for which the authentication has been finished (S505). Here, for the client terminal 105, the authentication of its connection to the network 101 through the access point A103 was finished in step S408 (FIG. 4), and the ID of the client terminal has been stored. Thus, it is determined that the authentication has been finished.

[0054] The authentication server 102 instructs the access point A103 to delete the WEP session key stored in the storage unit 207 to be used for wireless communication with the client terminal 105 (S506).

[0055] The authentication server 102 informs the access point B104 of the WEP session key stored in association with the ID of the client terminal 105 in step S410 (FIG. 4) (S507).

[0056] The access point B104 enciphers a broadcast key with the WEP session key informed in step S507 (S508), and sends the enciphered broadcast key to the client terminal 105 (S509).

[0057] The client terminal 105 decodes the enciphered broadcast key by the WEP session key created in step S409 (FIG. 4) to obtain a broadcast key (S510).

[0058] The access point B104 and the client terminal 105 start WEP encipher sequences (S511, S512).

[0059] Then, in communication with one client terminal 105 (point-to-point communication), the access point B104 transfers data enciphered with the same WEP session key as that used for the communication between the client terminal 105 and the access point A103 to perform secure wireless communication (S513). In broadcast communication with a plurality of client terminals 105 (point-to-multipoint communication), the access point B104 transfers data enciphered with the broadcast key to perform secure wireless communication (S513).

[0060] In the embodiment, in step S507, the WEP session key stored in the authentication server 102 is informed to the access point B104. However, the WEP session key stored in the access point A103 may be informed through the authentication server 102 to the access point B104.
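
The key hand-over of FIG. 4 and FIG. 5, modelled as an added example (not code from the patent). Assumptions: SHA-256 for the unnamed one-way hash, bare RC4 standing in for WEP encipherment, and a random 13-byte key handed to both terminal and server for step S409; the user names, passwords and MAC addresses are constructed.

```python
import hashlib
import os

def rc4(key: bytes, data: bytes) -> bytes:
    # Bare RC4 keystream XOR: stands in for WEP encipherment (no IV, no ICV).
    s, j = list(range(256)), 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    i, j, out = 0, 0, bytearray()
    for byte in data:
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) % 256])
    return bytes(out)

def one_way_hash(user: str, password: str) -> str:
    # S407: the page names no hash function; SHA-256 is an assumption.
    return hashlib.sha256(f"{user}:{password}".encode()).hexdigest()

class AccessPoint:
    def __init__(self, name: str):
        self.name = name
        self.session_keys = {}               # storage unit 207: client ID -> key
        self.broadcast_key = os.urandom(13)  # constructed 104-bit broadcast key

    def enciphered_broadcast_key(self, client_id: str) -> bytes:
        # S411 / S508: broadcast key enciphered with that client's session key
        return rc4(self.session_keys[client_id], self.broadcast_key)

class AuthServer:
    def __init__(self, permitted_hashes):
        self.permitted = set(permitted_hashes)  # users permitted to connect
        self.sessions = {}                      # client ID -> (key, current AP)
        self.log = []

    def connect(self, ap, client_id, hash_data=None, new_key=None) -> bool:
        entry = self.sessions.get(client_id)     # S404 / S505: finished or not?
        if entry is None:
            if hash_data not in self.permitted:  # S408: collate the hash data
                self.log.append(("rejected", ap.name))
                return False
            key = new_key or os.urandom(13)      # S409: new WEP session key
            self.log.append(("new_key", ap.name))
        else:
            key, old_ap = entry
            if old_ap is not ap:
                old_ap.session_keys.pop(client_id, None)  # S506: delete at old AP
            self.log.append(("same_key", ap.name))
        self.sessions[client_id] = (key, ap)     # S410: store key with the ID
        ap.session_keys[client_id] = key         # S410 / S507: inform the AP
        return True

def roam_demo() -> dict:
    ap_a, ap_b = AccessPoint("A103"), AccessPoint("B104")
    server = AuthServer({one_way_hash("alice", "constructed-password")})
    mac = "00:00:5e:00:53:01"    # constructed client ID (MAC address)
    client_key = os.urandom(13)  # S409 result, held by terminal and server
    # FIG. 4: first connection through A103, user name and password required.
    server.connect(ap_a, mac, one_way_hash("alice", "constructed-password"), client_key)
    got_a = rc4(client_key, ap_a.enciphered_broadcast_key(mac))  # S413
    # FIG. 5: the terminal appears at B104 and only its ID is reported.
    server.connect(ap_b, mac)
    got_b = rc4(client_key, ap_b.enciphered_broadcast_key(mac))  # S510
    # A terminal with an unknown ID whose hash data does not collate.
    rejected = not server.connect(ap_b, "00:00:5e:00:53:02", one_way_hash("bob", "x"))
    return {"broadcast_a_ok": got_a == ap_a.broadcast_key,
            "broadcast_b_ok": got_b == ap_b.broadcast_key,
            "a_key_deleted": mac not in ap_a.session_keys,
            "b_same_key": ap_b.session_keys[mac] == client_key,
            "rejected": rejected, "log": server.log}

if __name__ == "__main__":
    print(roam_demo())
```

In the log, the second connect() is decided on the stored client ID alone; what the terminal must still hold is the session key, without which the enciphered broadcast key from B104 cannot be decoded.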

[0061] In the foregoing explanation, the client terminal 105 was the wireless communication card. However, a function similar to the wireless communication card may be incorporated in a personal computer or personal digital assistants (PDA).

[0062] Needless to say, the object of the present invention can be achieved by supplying a storage medium, in which software program codes for realizing the functions of the client terminal, the access points, and the authentication server are stored, to a system or a device, and causing the system or a computer (alternatively CPU or MPU) of the device to read and execute the program codes stored in the storage medium.

[0063] In such a case, the program codes read from the storage medium realize the functions of the embodiment themselves, and the storage medium, in which the program codes are stored, constitutes the present invention.

[0064] As the storage medium for supplying the program codes, a ROM, a floppy disk, a hard disk, an optical disk, a magneto-optical disk, a CD-ROM, a CD-R, a magnetic tape, a nonvolatile memory card or the like can be used.

[0065] Needless to say, not only the case of realizing the functions of the embodiment by executing the program codes read by the computer, but also a case where based on instructions of the program codes, a part or all of the actual process is executed by an OS or the like working on the computer to realize the functions of the embodiment are included in the present invention.

[0066] Furthermore, needless to say, a case where the program codes read from the storage medium are written in a CPU or the like provided in a function extension board inserted into the computer or a function extension unit connected to the computer and, then, based on instructions of the program codes, the CPU or the like provided in the function extension board or the function extension unit executes a part or all of the actual process to realize the functions of the embodiment is included in the present invention.

[0067] As described above, according to the present invention, it is possible to enhance usability of the device.

[0068] It is possible to shorten time until communication becomes possible when the client terminal changes an access point.
[0069] Moreover, it is possible to reduce a process when the client terminal changes an access point.

Claims

1. A communication system comprising:

creation means for creating an encipher key used for communication between a client terminal and a first access point when the client terminal is permitted to be connected to a network through the first access point; and

informing means for informing the first access point of the encipher key created by the creation means,

wherein the informing means informs a second access point of the same encipher key as that informed to the first access point when the client terminal is connected to the network through the second access point.

2. A server device comprising:

creation means for creating an encipher key used for communication between a client terminal and a first access point when the client terminal is permitted to be connected to a network through the first access point; and

informing means for informing the first access point of the encipher key created by the creation means,

wherein the informing means informs a second access point of the same encipher key as that informed to the first access point when the client terminal is connected to the network through the second access point.

3. The server device according to claim 2, further comprising: instruction means for instructing the first access point to delete the encipher key when the client terminal is connected to the network through the second access point.

4. The server device according to claim 2, wherein the encipher key which the informing means informs to the second access point is an encipher key stored when the encipher key is created by the creation means, or an encipher key received from the first access point.

5. A server device for informing an access point of an encipher key used when a client terminal performs communication through the access point, comprising:

determination means for determining transition of the client terminal from communication through a first access point to communication through a second access point; and

informing means for informing the second access point of the same encipher key as that informed to the first access point based on the determination of the determination means.

6. A server device comprising:

authentication means for authenticating connection of a client device to a network through an access point;

informing means for informing an access point, to which the client device is connected, of an encipher key in accordance with a result of the authentication by the authentication means; and

determination means for determining whether the client device which requests the authentication means to execute authentication is a client device or not, for which authentication has been finished,

wherein the informing means informs the access point, to which the client device is connected, of a new encipher key in accordance with the determination of the determination means.

7. The server device according to claim 6, wherein the informing means informs the access point, to which the client device is connected, of a new encipher key if the determination means determines that the client device which requests the authentication has been unauthenticated, and the access point, to which the client device is currently connected, of the same encipher key as that informed to an access point in previous authentication if it is determined that the client device is the client device, for which the authentication has been finished.

8. A client terminal connected to a network through an access point, comprising:

creation means for creating an encipher key used for communication with a first access point; and

communication means for executing encipher communication with the first access point by using the encipher key created by the creation means,

wherein the communication means uses the encipher key used for the encipher communication with the first access point even when an access point connected for connection to the network is changed from the first access point to a second access point.

9. The client terminal according to claim 8, further comprising: receiving means for receiving a permission notice of the connection to the network from an authentication server,

wherein the creation means creates the encipher key in accordance with the reception of the permission notice by the receiving means.

10. A control method for a communication system, comprising the steps of:

creating an encipher key used for communication between a client terminal and a first access point when the client terminal is permitted to be connected to a network through the first access point; and

informing the first access point of the encipher key created by the creation means,

wherein in the informing step, a second access point is informed of the same encipher key as that informed to the first access point when the client terminal is connected to the network through the second access point.

11. A control method for a server device, comprising the steps of:

creating an encipher key used for communication between a client terminal and a first access point when the client terminal is permitted to be connected to a network through the first access point; and

informing the first access point of the encipher key created by the creation means,

wherein in the informing step, a second access point is informed of the same encipher key as that informed to the first access point when the client terminal is connected to the network through the second access point.

12. A control method of a server device for informing an access point of an encipher key used when a client terminal performs communication through the access point, comprising the steps of:

determining transition of the client terminal from communication through a first access point to communication through a second access point; and

informing the second access point of the same encipher key as that informed to the first access point based on the determination of the determination step.

13. A control method for a server device, comprising the steps of:

authenticating connection of a client device to a network through an access point;

informing an access point, to which the client device is connected, of an encipher key in accordance with a result of the authentication in the authentication step; and

determining whether the client device which requests authentication in the authentication step is a client device or not, for which authentication has been finished,

wherein in the informing step, the access point, to which the client device is connected, is informed of a new encipher key in accordance with the determination in the determination step.

14. A control method for a client terminal connected to a network through an access point, comprising the steps of:

creating an encipher key used for communication with a first access point; and

executing encipher communication with the first access point by using the encipher key created in the creation step,

wherein in the communication step, the encipher key used for the encipher communication with the first access point is used even when an access point connected for connection to the network is changed from the first access point to a second access point.
FIG. 5